Skip to content

spree_auth_devise allows remote authenticated users to assign themselves arbitrary roles

Moderate severity GitHub Reviewed Published May 17, 2022 to the GitHub Advisory Database • Updated Jul 3, 2023

Package

bundler spree_auth_devise (RubyGems)

Affected versions

>= 1.0.0, < 3.0.5

Patched versions

3.0.5
Published by the National Vulnerability Database Mar 8, 2013
Published to the GitHub Advisory Database May 17, 2022
Reviewed Jan 27, 2023
Last updated Jul 3, 2023

Severity

Moderate

EPSS score

0.091%
(40th percentile)

Weaknesses

No CWEs

CVE ID

CVE-2013-2506

GHSA ID

GHSA-jp57-9j37-5476
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.